Stop Syncing Onprem AD Users to Entra ID using Sync Rule Editor

Use case - Stop Syncing Onprem AD Users to Entra ID.

Example - I have bunch of Users naming Dummyuser1, Dummyuser2, .... Dummyuser10 & initially there are syncing to Entra ID.

I also have an Onprem AD Group named "DenySyncingADUsers_Cloud". I need to implement a scenario where Users named "Dummyuser1, Dummyuser2 , Dummyuser3 & Dummyuser9" should not be Syncing to Entra ID.

Initial View

Steps

1. Login to your AzureAD Connect Server & Navigate to Sync rule Editor ( Start --> Search for Synchronization Rule Editor )

2. Choose direction as Inbound since this rule is from Onprem to Entra AD & click on Add New rule.

3. Fill the below details - 

Name - Name of the Rule

Description - Brief description about the rule.

Connected System - Onprem Domain

Connected System Object Type - What's the object type in Onprem domain for which you are creating the rule. ( User )

Metaverse Object Type - What the object type in Entra AD for which you are creating the rule. (Person)

Link Type - Join

Precedence - Priority of the rule.

4. Once filled, click next & apply Scoping filter.

Scoping would be - DN is member of "AD Group". This means any object that is member of "AD Group" would be considered under this rule.

In this case it would be : "User Object DN" is member of "DenySyncingADUsers_Cloud DN"

5. We will leave the Join rules as it is. Under Transformations, we can set a constant "Cloudfiltered" to true. This means any object that is impacted due to this rule will have Cloudfiltered set to "TRUE"..

6. Click Finish. Rule would be created. You need to wait for the next Sync cycle to run or you can manually trigger the Sync as well.

7. Testing the results. First adding the accounts that we don't want to Sync anymore.

8. Initiating Manual Sync using below command

9. Observing the results. You won't see Dummyuser1,2,3 & 9 in Entra AD now post Sync.